At present, in an LTE system, with a highly-dispersed geographical location and logical structure, an E-UTRAN Node B (eNB) cannot be controlled in security by an operator intensively, so that each eNB is in a non-secure area.
The eNB needs to select an AS security algorithm suitable for itself according to respective specific condition and the security capability of a User Equipment (UE). The basic principle of selecting the AS security algorithm is: the security capability information of the UE is sent to the eNB by a signaling procedure, (for example, a core network carries the security capability of the UE to the eNB by an initial context establishment request message), the eNB selects the AS security algorithm with the highest priority from the intersection of the AS security algorithms supported by itself and the UE. During a handover, the eNB needs to update the AS security algorithm according to the principle above and notifies the UE of the new AS security algorithm by an air interface message.
Each eNB needs to maintain the AS security parameters (including algorithm and key) between itself and the UE on its own. Obviously, each eNB may support different AS security algorithms. When switched across the eNB, the UE may further initiate an RRC connection re-establishment at a target eNB if switched unsuccessfully, at the moment, if the target eNB does not support the original AS security algorithm of the UE, the AS security algorithm will not be synchronous, specifically:
It is assumed that the AS security algorithm supported by eNB1 is not supported by eNB2, when the UE initiates the RRC connection re-establishment to eNB2 as switched to eNB2 unsuccessfully (for example, the RRC re-configuration is invalid during the handover), if the UE does not select an AS security algorithm again according to the AS security algorithm supported by eNB2 but still adopts the original AS security algorithm (i.e., that supported by eNB1) for the integrity protection and encryption of the RRC re-establishment completion message, eNB2 will surely fail to decrypt the message and check its integrity as not supporting the original AS security algorithm, which will ultimately result in the failed access of the switched UE, thereby seriously affecting the experience of users.
For the problem that the AS security algorithm is not synchronous as the AS security algorithm is not updated in the RRC connection re-establishment, generally, an AS security algorithm configuration cell may be added in the RRC connection re-establishment message sent from the eNB to the UE to solve it. However, a new problem may occur: a new AS security algorithm configuration can be sent to the UE only by the RRC connection re-establishment message, whose integrity itself is not protected, therefore, if a malicious attacker tempers with a data encryption algorithm carried in the RRC connection re-establishment message, the eNB and UE cannot discover this in time, accordingly, there will be a lot of invalid data packets which cannot be decrypted by the eNB in the air interface in a period, so as to not only waste air interface resources but also further affect user experience seriously.